According to the U.S. Census, more than 75 percent of American households have access to a computer and roughly 89 percent of people in the U.S. own a smartphone. With this level of connectivity, many Americans find themselves victimized by cyber criminals.
“Being online exposes us to cyber criminals and others, basically who commit identity theft, fraud, harassment, so every time we connect to the internet at home, school or work or on mobile devices, we make decisions that affect our cybersecurity,” said Darren Waldrep, assistant professor for Management of Cybersecurity Operations at Athens State University.
One of the best ways to protect against cyber threats is through herd immunity. It is every one’s responsibility to maintain cyber security.
“Emerging cyber threats require engagement with the entire American community to create a cyber safe environment, you know, from government, law enforcement to the private sector and most importantly, the ordinary citizen,” said Waldrep.
Being in an area with a high level of Department of Defense and Department of Energy activity, there are concerns for the possibility of Russian cyber attacks on critical infrastructure. According to Waldrep, an attack is unlikely due to the U.S.’s ability to retaliate in turn.
“A Russian attack on the United States critical infrastructure is possible. Nobody’s denying that, but it’s not likely, since the attacks would have a high likelihood of their fingerprints all over it, of coming from Russia,” said Waldrep. “So they also know that the U.S. could also respond in kind, and so they know our capabilities of cyber warfare. Just like we know theirs. So at this point, there probably would not be any real fear of Russian attacks, but really, there’s no magic wand or magic pill to prevent anything like that either.”
Often, cyber breaches come through phishing attacks. Phishing is when a cyber criminal sends an email under the guise of being a reputable organization. The email will contain a link that, when opened, will compromise the security of the device and the server.
“When you’re on the internet, or if you’re checking email, most of the things will come from data breaches and ransomware, and that kind of stuff happens through phishing attacks,” said Waldrep.
Phishing emails are not generally individual attacks and are usually sent out to a large number of people to increase the chances of someone clicking the bait.
An organization’s cyber security is as strong as its most vulnerable person.
“Regardless of how secure your organization may be against cyber threats, you still have employees that may inadvertently click on one of these links, and so now you’ve allowed the attacker inside access,” said Waldrep.
To prevent cyber criminals from gaining access to sensitive information, people should practice having good “cyber hygiene.” This can be having strong passwords, not clicking links from strangers and implementing two factor authentication.
“What I would tell people, you know, good cyber hygiene is to make your passwords complex by using letters, numbers, symbols, any combination of that and also implementing a two factor authentication is also a good idea. I know Facebook, Google, you know, Gmail and Amazon Web Services and some of those offer two factor authentication on their accounts,” said Waldrep. “So if someone does try to hack your account, then they have to have that second piece to get into your account, not just one password.”
Other ways to maintain good cyber hygiene are to keep operating systems up to date with the latest patches and to utilize antivirus software. People should avoid opening emails from strangers to prevent inadvertently opening a phishing link.
“A lot of times around tax season, people will get calls from the IRS or claiming to be the IRS. What people need to understand is that the Social Security Administration, your bank or the IRS is not going to call you and ask you for your credentials they already have,” said Waldrep.
If you receive a phone call from someone alleging to be with the IRS, the SSA or your bank, hang up and contact the organization they claimed to be directly. Never give sensitive information over the phone or through email.
If your accounts are compromised, place a security freeze on your credit report to prevent fraudulent activity. Report the compromise to your banking agency so they can cancel cards and monitor for fraudulent purchases.
A point of concern for many is the Browns Ferry Nuclear Plant. While Waldrep assures the possibility of a Russian cyber attack on critical infrastructure is unlikely, the TVA is prepared should it happen.
“TVA continually monitors for ever-changing threats to cybersecurity. We use a multi-layer security strategy, including a combination of hardware, software and procedural controls, to secure our critical generation, transmission and business infrastructure systems. TVA’s cybersecurity team monitors the entire enterprise 24/7 and coordinates with federal security agencies to rapidly implement new protective measures for targeted cybersecurity issues,” said the TVA in a statement to The News Courier.
Gloss